Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
b7e27567f201a840d0f9c12cf0a2d734
-
Size
264KB
-
Sample
240306-t8necacg36
-
MD5
b7e27567f201a840d0f9c12cf0a2d734
-
SHA1
1bc2fd9116bffab627b0ea37ff0bb7c49726b9a5
-
SHA256
eedbfa19e0dea5bf1cb8ddd108ecc4ddc8a67481fafa759e588da3125228992e
-
SHA512
30b0f5c7297e83c0ebeef938eea9edc18cc7149d1aef6a1eaa16c83d0f03167bd9fe8bb3a1f21a614af81c589e82a505a3f9d4e98934c7d452bec95eab205aac
-
SSDEEP
6144:MuT4E4r0VSSzM/pGewA8JSc1G3PKArAdld/6Vl/J5FA:H4rESSzMvwAiSWmPYP16Vl/x
Malware Config
Extracted
smokeloader
2020
http://readinglistforaugust1.xyz/
http://readinglistforaugust2.xyz/
http://readinglistforaugust3.xyz/
http://readinglistforaugust4.xyz/
http://readinglistforaugust5.xyz/
http://readinglistforaugust6.xyz/
http://readinglistforaugust7.xyz/
http://readinglistforaugust8.xyz/
http://readinglistforaugust9.xyz/
http://readinglistforaugust10.xyz/
http://readinglistforaugust1.site/
http://readinglistforaugust2.site/
http://readinglistforaugust3.site/
http://readinglistforaugust4.site/
http://readinglistforaugust5.site/
http://readinglistforaugust6.site/
http://readinglistforaugust7.site/
http://readinglistforaugust8.site/
http://readinglistforaugust9.site/
http://readinglistforaugust10.site/
Targets
-
-
Target
b7e27567f201a840d0f9c12cf0a2d734
-
Size
264KB
-
MD5
b7e27567f201a840d0f9c12cf0a2d734
-
SHA1
1bc2fd9116bffab627b0ea37ff0bb7c49726b9a5
-
SHA256
eedbfa19e0dea5bf1cb8ddd108ecc4ddc8a67481fafa759e588da3125228992e
-
SHA512
30b0f5c7297e83c0ebeef938eea9edc18cc7149d1aef6a1eaa16c83d0f03167bd9fe8bb3a1f21a614af81c589e82a505a3f9d4e98934c7d452bec95eab205aac
-
SSDEEP
6144:MuT4E4r0VSSzM/pGewA8JSc1G3PKArAdld/6Vl/J5FA:H4rESSzMvwAiSWmPYP16Vl/x
Score10/10-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Deletes itself
-
Suspicious use of SetThreadContext
-